from the sure,-they-want-it... dept

On Friday, Declan McCullagh over at News.com had the latest reports of the FBI trying to get new laws in place that would require all kinds of internet communication services to include wiretapping back doors, so that law enforcement could tap into them. This isn't a new idea. The FBI has been calling for this for a long, long time. We had mentioned it just last year, but it goes back much further than that. Basically, the FBI is upset that it can't easily tap certain popular VoIP and social networking communication tools. So it wants to effectively force the tech industry to build back doors into pretty much everything.

It's understandable why the government would want this, but that doesn't mean it makes very much sense. First of all, there will always be ways around such taps, and you can bet that major criminals/terrorists are already figuring out how to use systems that are much more protected. Second, as soon as you open up such backdoors, you have pretty much guaranteed that they're going to be abused. Those with nefarious intent will figure out how to access them as well, and people using these systems will be much more at risk, not just of governments spying on their conversations. Second, it's really an impossible task. All that will happen is more alternatives, which will be decentralized and encrypted end-to-end with no possibility of back doors, will likely pop up. The end result won't make it any easier for the FBI to track down real criminals, but will put plenty of non-criminals at risk. Oh, and it will do this while making things much more expensive for any tech company that wants to let its users communicate. That doesn't seem particularly helpful.

Re: Re: Opposed

Inefficient

The FBI can get off their lazy backsides and utilize the NSA and DHS to push the NSA to share all their information with the FBI.

According to a PBS documentary, the NSA can crack most encryption available in very little time. So why doesn't the FBI do the NSA a favour and start accessing the NSA's databases.

Maybe they can learn some SQL commands and figure out how to sort through 4TB growth every month.

What is next, police requesting powers to snoop? Come off it. If you already have the data captured, use that and stop increasing the risk of privacy invasion by everybody and their mother requesting backdoors. If they start with the FBI, it will not end! We need backdoors plugged. The NSA has the access, FBI should get data from them, stop increasing vulnerability because you don't want to share and you don't know how to get along.

Re: Inefficient

According to a PBS documentary, the NSA can crack most encryption available in very little time. So why doesn't the FBI do the NSA a favour and start accessing the NSA's databases.

This is a half-truth. The NSA can only crack older ciphers that have long since had exploits published about them or have become sufficiently obsolete. While a lot of encrypted information is stored using these kinds of ciphers (DES is a good example of a formerly highly-used encryption method that is no longer safe to use), the VAST majority of modern ciphers are still outside of their reach, and that is why they, too, wouldn't mind an ear or two installed on Facebook's servers. If they needed it, of course.

Many security experts have been saying that they likely have been using a much more powerful/overreaching tool for fighting encryption. They likely have an agreement with the major certificate authorities, or the companies who hand out encryption certificates for use with web sites and other services. These companies can issue certificates which allow decryption of supposedly secure traffic. Therefore, the only problem at that point would be storing all that information, since decrypting it is trivial, since the vast majority of encrypted communication on the internet is done using the SSL/Certificate Authority model.

with that point in mind, let's look at something else the NSA has been doing recently.

Technology is hard, we don't want to have to figure out how to adapt so make us a backdoor.

Would it just be easier to try and ban all Voip and other IMs and move us back to the telegraph? Would that make it easier for the FBI to set their own terrorist plots into motion so they can foil them and get some more headlines?

These will never be found by hackers

Really! It'll never be found by people with unlawful intent.
They,whoever they are, assure us of it.
And they promise not to abuse it. Really really cross their heart and hope to die.
And the FBI has such a good record with computers and networks too.

Re: Re: These will never be found by hackers

Well it's all the fault of those funding them really. After all, if they were getting enough funding, they wouldn't have to go out and seize other people's computers/servers to see if it would make a good upgrade for their system.

Talk about entitlement

What gets me is the underlying attitude about all of this. This is the slippery slope in action.

Wiretapping laws originally were really just an extension of existing search laws. Companies could be compelled by court order to allow law enforcement agencies access to their equipment. These taps were gravy, taking advantage of an unexpected side-effect of technology.

Somewhere along the line, they stopped thinking about how lucky they were to have this accidental boon of information and starting thinking that there is such a fundamental right to this information that the law must compel its production.

'It's understandable why the government would want this, but that doesn't mean it makes very much sense.'

it also doesn't make it right that they should be able to do it either. mind you, as stated, the system would be abused. i wonder how the FBI would feel and what they would say when it was their communications that were tapped into?

At least the FBI hasn't done like the East German Stasi from the 1950s to the 1980s. All they have to do is build a listening post to funnel all of the communications traffic into one location so they can spy on the people.

Oh wait. They did that.

Well, I'm glad they haven't forced manufacturers to install specialized equipment in any piece of tech that could be used for any sort of seditious purposes the way the KGB had during the height of the Soviet Union.

No... No they did that too.

Well at least the FBI hasn't tried to set up a censorship backbone to block access to undesirable websites and blogs and create a national firewall in order to protect the citizenry like they have in China!

Which one of these will happen first?

A. The FBI will lose the data, as in: FBI lost 160 laptops in the last 44 months. (Rhetorical questions; do you think that's the full extent of all of the laptops, pads, phones, USB sticks, external hard drives, CDs, DVDs, etc. lost by the FBI? Do you think that they've somehow magically stopped losing them? What percentage of these devices had unencrypted or poorly-encrypted data on them at the time they were lost?)

C. The FBI will outsource analysis to one of the many, MANY contractors who are eager to exploit the OMG!OMG!CYBERWAR hysteria by using "grep" to search for keywords and charging hundreds of millions of dollars for their services. These contractors will be quite thoroughly hacked by the first bored seventeen-year-old with an attitude, as in Stratfor Hacked, the data will be exfiltrated, and then put up for sale on the open market.

D. The backdoors will be discovered after they've been inserted but well before the FBI gets around to using them. Their new owners, pleased with their acquisitions, will need to decide whether to use them to fully exploit the services where they're installed, whether to start feeding entirely bogus (fabricated) data to the FBI, or whether to just siphon off the data and, once again, put it up for sale on the open market. (Alternatively, they could just trawl through the data and look for blackmail material, then offer to keep the FBI from seeing it...for a price. Note that it's not necessary that such blackmail material actually exist: after all, it's easy enough to just make it up.) Perhaps a really clever intruder will work out how to use the backdoors to funnel malware to the FBI, which doesn't exactly have a history of executing IT projects well, see for example: FBI's Beleaguered Sentinel Project Delayed Again.

Re: Re: Which one of these will happen first?

These types of actions will just drive more people to open source alternatives. By it's very nature, it's immune to such silliness from governments. Usually open source contributors are from various different countries and as such wouldn't need to follow such a law. And more importantly, if some sort of malicious FBI code was somehow included in an OSS project all it takes is for one person the remove it and re-release the project since the source is open.

backdoor keys (and front and side doors too)

Why don't they just cut to the chase and request keys to all backdoors? Period. Enough of this slippery slope, pussy footing around. Everyone is a a suspect. (J. Edgar would have liked that, himself a perv and hypocrite.) Anyone: everyone just send a copy of your house/office/car (whatever) keys to the clowns with guns and we'll all live happily ever after.

Re: backdoor keys (and front and side doors too)

I saw another story on this -- couldn't find it with a brief search -- that said there was a massive protest against the invasion of privacy, and the city officials basically replied that the government knew best. One offical was quoted as saying that he doesn't care how unpopular a law is, government officials must do what they think is best.

FBI Wants Backdoors To Snoop

not any more its the government State
we will be chipping you for your own good
(DARPA wants to chip solders)
(http://www.fudzilla.com/home/item/27053-darpa-wants-to-chip-solders)

so we can protect you from harm
we will decide what you may eat
we will decide what you may read
we will decide what you may watch
we will decide what you may say
we will decide whats best for you
not excluding
re education camps
sterilization camps
extermination camps
this is for your protection and well being
the Government state

crazy only posted this yesterday now the chipping part shows up today
rest cant be to far away

Go back to bed, America. Your government has figured out how it all transpired. Go back to bed, America. Your government is in control again. Here. Here's American Gladiators. Watch this, shut up. Go back to bed, America. Here is American Gladiators. Here is 56 channels of it! Watch these pituitary retards bang their fucking skulls together and congratulate you on living in the land of freedom. Here you go, America! You are free to do as we tell you! You are free to do what we tell you! - Bill hicks

we will decide what you may eat
we will decide what you may read
we will decide what you may watch
we will decide what you may say
we will decide whats best for you
not excluding
re education camps
sterilization camps
extermination camps
this is for your protection and well being
the Government state

in fairness ...

Don't get me wrong: I'm not saying I support such a law. But in fairness, let's admit that, while smart criminals will no doubt find a way around it, it could catch the dumb criminals. And I don't have any statistics on this, but I think the majority of criminals are dumb. I've seen too many stories in the news about criminals who write their holdup notes on the back of deposit slips with their name and address on them, who lock their keys in the getaway car, who call in to radio talk shows to brag about how they got away with the crime, etc. My theory is that people who are smart find legal ways to make money -- maybe ethical and maybe not, but legal. Why risk going to jail for years when you can make more money without taking such a risk?

Is the loss of privacy worth the gain in catching criminals? I don't think so, but let's not pretend there isn't a rational argument.

Lines up nicely

Following on the heels of "Secret Service Prostitution Scandal", we now have "FBI asks internet for backdoor action".

Next up, a request for a joint operation between the NSA, CIA, and FCC utilizing high-temperature superconductors to create piracy-stopping supercomputers - "Government agencies get together for hot three-way".

What's all this talk about non-criminals? There is no such thing. Everyone is a criminal. The only difference is to what degree. Hopefully this makes it clear as to why we must absolutely have more wiretapping laws! /s

Even if the government could force programmers to add back doors for law enforcement agencies like the FBI simply by passing new laws, it would still be possible for criminals to write their own software and/or take open source apps and remove the offending bits from them. Not all criminals are stupid, and the ones who are can always find help from other like-minded individuals. And what about smart law abiding programmers who go rogue and implement back doors into the back doors? In fact who wants to bet some of the software being used by the government doesn't already? Dumb dumb dumb dumb...

Re: Re:

It's a herring.

All of the carriers are already splitting real time communications and transactional data streams of all internet traffic to the NSA. The government already has access to literally every scrap of data. Without a warrant. They couldn't get the clipper chip, so they went after the carriers, successfully after 9/11.

Re: It's a herring.

All of the carriers are already splitting real time communications and transactional data streams of all internet traffic to the NSA. The government already has access to literally every scrap of data.

This is true, however "the government" is not actually a monolithic entity. The NSA cannot legally share their intercepted data with the FBI very easily. They follow different sets of rules.

This is another reason why we should be very wary of legislation to ease data-sharing between different government entities.

And of course..

the FBI won't actually bother with such trivial things as "warrants", or will have all warrants rubber stamped by a judge who knows that if he/she doesn't stamp the warrant he will get a one way ticket to Gitmo.

Following the rules is no longer considered important by any of the federal Gestapo organizations. Sadly, even states and cities ignore the rules as well.

They get away with it because they know no one can stop them or discipline them.

Sooner or later, after laws like this are in place, the feds will notice that point-to-point communications and comms done with open source software can still encrypt effectively.

When they go after this category, the stakes will be fundamentally different. To spy on *all* communications, they'd have to outlaw general-purpose, freely-programmable computers, start requiring licences for compilers and IT people, restrict access to source code.

All this would be barely possible with hardware-based remote control of all new computers. In practice, it won't get to that stage, because the same sort of greed and corruption that enables this current power-grab also affects the economy, and it will collapse first.

Re:

To spy on *all* communications, they'd have to outlaw general-purpose, freely-programmable computers, start requiring licences for compilers and IT people, restrict access to source code.

This sounds similar to the environment Richard Stallman foresaw fifteen years ago in his short story The Right to Read. The Free Software Foundation is committed to never letting a future like that come about.

Competency

They want to have all the keys to all the doors in the known universe so they can have all the data they need to go after criminals.

Tell ya what: let them learn how to open and read their email and then we'll let them have those keys. I bet not one in 10 of those people can even decipher most of their emails and they want what power?

Next up: the Thought Police-wanting to know what you're thinking before you know it.

Besides, isn't this the FBI which is responsible for busting more people in entrapment? Why make it easier for them to do that with?